| 제목 | Code-projects Chat System 1.0 SQL Injection |
|---|
| 설명 | Because the id parameter is not sanitized or parameterized, an attacker can inject malicious SQL code to manipulate the database query. By leveraging time-based SQL injection techniques, an attacker can induce deliberate delays in the database response using functions like SLEEP(). This can be used to confirm the presence of the vulnerability and potentially extract sensitive information from the database. |
|---|
| 원천 | ⚠️ https://github.com/Sinon2003/cve/blob/main/chatsystem/sql_inject2.md |
|---|
| 사용자 | Rorochan (UID 79656) |
|---|
| 제출 | 2025. 01. 01. AM 11:31 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 01. 02. AM 09:32 (22 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 289939 [code-projects Chat System 1.0 /admin/deleteroom.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|